fix: set user agent cookie on host only (without subdomains) (#7297)

This PR changes the domain / prefix of the user agent cookie from including the subdomain to the domain only, and therefore changes the prefix from __Secure to __Host.

Note:
As the cookie is used to determine existing session on the login UI, applying the change will require end-users to start a new session on the next login, since the existing ones cannot be retrieved anymore.
Livio Spring
2024-02-15 07:53:59 +01:00
committed by GitHub
parent 198bc017b8
commit d5266ea51c
2 changed files with 5 additions and 1 deletions


@@ -46,7 +46,7 @@ func NewUserAgentHandler(config *UserAgentCookieConfig, cookieKey []byte, idGene
opts := []http_utils.CookieHandlerOpt{
http_utils.WithEncryption(cookieKey, cookieKey),
http_utils.WithMaxAge(int(config.MaxAge.Seconds())),
http_utils.WithPrefix(http_utils.PrefixSecure),
http_utils.WithPrefix(http_utils.PrefixHost),
}
if !externalSecure {
opts = append(opts, http_utils.WithUnsecure())
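Review bot: The `!externalSecure` branch still appends `http_utils.WithUnsecure()` to the option list that now selects `http_utils.PrefixHost`, and browsers only accept a `__Host-` cookie when it carries `Secure`, `Path=/` and no `Domain` attribute. Unless `WithUnsecure` also clears the prefix (not visible in this hunk), the user agent cookie would likely be dropped on non-TLS deployments and the login UI would not find an existing session. A comment above the option list would make the contract explicit, e.g. `// __Host- requires Secure, Path=/ and no Domain; WithUnsecure must drop the prefix`, and a test that sets the cookie with `externalSecure == false` would pin it. The body of NewUserAgentHandler starts and ends outside the hunk, and the Domain handling presumably lives in the other changed file.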